New Mac malware could secretly record your webcam during video chats
FBI director James Comey made the news last month when he admitted that he tapes over his laptop's webcam to avoid being spied upon. Mark Zuckerberg does it too. As Comey puts it, blocking the webcam is a "sensible" thing to do -- and if you too care about your privacy you should follow suit. But there is a problem.
When you remove the tape to chat with someone you are left vulnerable. And, as a security researcher will demonstrate today at the VB2016 conference, a hacker could use that opportunity to record Mac users' activities "in an essentially undetectable manner".
Patrick Wardle, the director of research at Synack and a former NASA and NSA employee, has devised an "attack" that enables malware to monitor a Mac and record video sessions only when the webcam is in use. It is clever, because that is when you expect the little green indicator next to the webcam to be lit up.
Wardle says that the webcam indicator light on Macs is hardware-based, suggesting that it may not be possible (or likely) to power up the webcam and hide the fact that it is on from the user -- as can be done on other devices.
"As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection", Wardle explains. Basically, the indicator light does signal that the webcam is in use, but because a legitimate app, like FaceTime or Skype, is also using it, the user has no reason to suspect that they are being secretly recorded by a third party.
The good news is that Wardle says there are ways to detect when the webcam is used in such a way by malware, and that there will be a free tool for macOS and OS X users that features a detection mechanism and offers alerts when this attack is being carried out.
There is no word on whether Apple can block this piggyback method in a future operating system update, but it should be possible given what Wardle claims. Also, seeing as this is a new attack, there is a fair chance it has not been exploited yet by another party.
Update: The tool Wardle promised is now live.